Cherry-pick security-relevant fixes from upstream imath library.
This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20. Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath. Back-patch to 9.0 (all
supported versions).
Security: CVE-2015-0243
Branch
------
REL9_3_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/a558ad3a7e014d42bc7e22df53c4a019e639df14
Modified Files
--------------
contrib/pgcrypto/imath.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
Есть вопросы? Напишите нам!
Соглашаюсь с условиями обработки персональных данных
✖
By continuing to browse this website, you agree to the use of cookies. Go to Privacy Policy.
